Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
91b38d7c by Moritz Muehlenhoff at 2024-09-20T16:45:47+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,7 +38,7 @@ CVE-2024-8651 (A vulnerability in NetCat CMS allows an
attacker to send a specia
CVE-2024-8375 (There exists a use after free vulnerability in Reverb.Reverb
supports ...)
NOT-FOR-US: Google Reverb
CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in
the usb_ ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1082377)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313497
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2548
CVE-2024-7785 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -82,10 +82,10 @@ CVE-2024-45807 (Envoy is a cloud-native high-performance
edge/middle/service pro
CVE-2024-45806 (Envoy is a cloud-native high-performance edge/middle/service
proxy. A ...)
- envoyproxy <itp> (bug #987544)
CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows
any unpriv ...)
- - logiops <unfixed>
+ - logiops <unfixed> (bug #1082378)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1226598
CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In
affected vers ...)
- - puma <unfixed>
+ - puma <unfixed> (bug #1082379)
NOTE:
https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4
NOTE: Fixed by:
https://github.com/puma/puma/commit/cac3fd18cf29ed43719ff5d52d9cfec215f0a043
(v6.4.3)
CVE-2024-43496 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
@@ -103,7 +103,7 @@ CVE-2024-38016 (Microsoft Office Visio Remote Code
Execution Vulnerability)
CVE-2024-33109 (Directory Traversal in the web interface of the Tiptel IP 286
with fir ...)
NOT-FOR-US: Tiptel
CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a
stack-based buffe ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1082380)
NOTE: https://sourceforge.net/p/freeimage/bugs/355/
NOTE: https://www.openwall.com/lists/oss-security/2024/04/11/10
CVE-2024-25673 (Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and
all earli ...)
@@ -123,7 +123,7 @@ CVE-2024-8850 (The MC4WP: Mailchimp for WordPress plugin
for WordPress is vulner
CVE-2024-8364 (The WP Custom Fields Search plugin for WordPress is vulnerable
to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7254 (Any project that parses untrusted Protocol Buffers
datacontaining an a ...)
- - protobuf <unfixed>
+ - protobuf <unfixed> (bug #1082381)
NOTE:
https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa
CVE-2024-47089 (This vulnerability exists in the Apex Softcell LD Geo due to
improper ...)
NOT-FOR-US: Apex Softcell LD Geo
@@ -869,7 +869,7 @@ CVE-2024-8897 (Under certain conditions, an attacker with
the ability to redirec
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-45/#CVE-2024-8897
CVE-2024-8796 (Under the default configuration, Devise-Two-Factor versions >=
2.2.0 & ...)
- - ruby-devise-two-factor <unfixed>
+ - ruby-devise-two-factor <unfixed> (bug #1082382)
NOTE:
https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-qjxf-mc72-wjr2
CVE-2024-8767 (Sensitive data disclosure and manipulation due to unnecessary
privileg ...)
NOT-FOR-US: Acronis
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91b38d7cdb6c246a8d21472b9654734d70821e87
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91b38d7cdb6c246a8d21472b9654734d70821e87
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
